fix: 500/ dont expose invalid base64 decode error for page token (#1314)

flipt-io · Feb 3, 2023 · e495c91 · e495c91
1 parent 0af41e9
commit e495c91
Show file tree

Hide file tree

Showing 6 changed files with 75 additions and 6 deletions.
diff --git a/internal/server/flag.go b/internal/server/flag.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 
+	"go.flipt.io/flipt/errors"
 	fliptotel "go.flipt.io/flipt/internal/server/otel"
 	"go.flipt.io/flipt/internal/storage"
 	flipt "go.flipt.io/flipt/rpc/flipt"
@@ -47,7 +48,7 @@ func (s *Server) ListFlags(ctx context.Context, r *flipt.ListFlagRequest) (*flip
 	if r.PageToken != "" {
 		tok, err := base64.StdEncoding.DecodeString(r.PageToken)
 		if err != nil {
-			return nil, err
+			return nil, errors.ErrInvalidf("pageToken is not valid: %q", r.PageToken)
 		}
 
 		opts = append(opts, storage.WithPageToken(string(tok)))

diff --git a/internal/server/flag_test.go b/internal/server/flag_test.go
@@ -80,7 +80,7 @@ func TestListFlags_PaginationOffset(t *testing.T) {
 	assert.Equal(t, int32(1), got.TotalCount)
 }
 
-func TestListFlags_PaginationNextPageToken(t *testing.T) {
+func TestListFlags_PaginationPageToken(t *testing.T) {
 	var (
 		store  = &storeMock{}
 		logger = zaptest.NewLogger(t)
@@ -124,6 +124,28 @@ func TestListFlags_PaginationNextPageToken(t *testing.T) {
 	assert.Equal(t, int32(1), got.TotalCount)
 }
 
+func TestListFlags_PaginationInvalidPageToken(t *testing.T) {
+	var (
+		store  = &storeMock{}
+		logger = zaptest.NewLogger(t)
+		s      = &Server{
+			logger: logger,
+			store:  store,
+		}
+	)
+
+	defer store.AssertExpectations(t)
+
+	store.AssertNotCalled(t, "ListFlags")
+
+	_, err := s.ListFlags(context.TODO(), &flipt.ListFlagRequest{
+		PageToken: "Invalid string",
+		Offset:    10,
+	})
+
+	assert.EqualError(t, err, `pageToken is not valid: "Invalid string"`)
+}
+
 func TestCreateFlag(t *testing.T) {
 	var (
 		store  = &storeMock{}

diff --git a/internal/server/rule.go b/internal/server/rule.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 
+	"go.flipt.io/flipt/errors"
 	"go.flipt.io/flipt/internal/storage"
 	flipt "go.flipt.io/flipt/rpc/flipt"
 	"go.uber.org/zap"
@@ -31,7 +32,7 @@ func (s *Server) ListRules(ctx context.Context, r *flipt.ListRuleRequest) (*flip
 	if r.PageToken != "" {
 		tok, err := base64.StdEncoding.DecodeString(r.PageToken)
 		if err != nil {
-			return nil, err
+			return nil, errors.ErrInvalidf("pageToken is not valid: %q", r.PageToken)
 		}
 
 		opts = append(opts, storage.WithPageToken(string(tok)))

diff --git a/internal/server/rule_test.go b/internal/server/rule_test.go
@@ -77,7 +77,7 @@ func TestListRules_PaginationOffset(t *testing.T) {
 	assert.Equal(t, int32(1), got.TotalCount)
 }
 
-func TestListRules_PaginationNextPageToken(t *testing.T) {
+func TestListRules_PaginationPageToken(t *testing.T) {
 	var (
 		store  = &storeMock{}
 		logger = zaptest.NewLogger(t)
@@ -121,6 +121,28 @@ func TestListRules_PaginationNextPageToken(t *testing.T) {
 	assert.Equal(t, int32(1), got.TotalCount)
 }
 
+func TestListRules_PaginationInvalidPageToken(t *testing.T) {
+	var (
+		store  = &storeMock{}
+		logger = zaptest.NewLogger(t)
+		s      = &Server{
+			logger: logger,
+			store:  store,
+		}
+	)
+
+	defer store.AssertExpectations(t)
+
+	store.AssertNotCalled(t, "ListRules")
+
+	_, err := s.ListRules(context.TODO(), &flipt.ListRuleRequest{FlagKey: "flagKey",
+		PageToken: "Invalid string",
+		Offset:    10,
+	})
+
+	assert.EqualError(t, err, `pageToken is not valid: "Invalid string"`)
+}
+
 func TestCreateRule(t *testing.T) {
 	var (
 		store  = &storeMock{}

diff --git a/internal/server/segment.go b/internal/server/segment.go
@@ -4,6 +4,7 @@ import (
 	"context"
 	"encoding/base64"
 
+	"go.flipt.io/flipt/errors"
 	"go.flipt.io/flipt/internal/storage"
 	flipt "go.flipt.io/flipt/rpc/flipt"
 	"go.uber.org/zap"
@@ -31,7 +32,7 @@ func (s *Server) ListSegments(ctx context.Context, r *flipt.ListSegmentRequest)
 	if r.PageToken != "" {
 		tok, err := base64.StdEncoding.DecodeString(r.PageToken)
 		if err != nil {
-			return nil, err
+			return nil, errors.ErrInvalidf("pageToken is not valid: %q", r.PageToken)
 		}
 
 		opts = append(opts, storage.WithPageToken(string(tok)))

diff --git a/internal/server/segment_test.go b/internal/server/segment_test.go
@@ -77,7 +77,7 @@ func TestListSegments_PaginationOffset(t *testing.T) {
 	assert.Equal(t, int32(1), got.TotalCount)
 }
 
-func TestListSegments_PaginationNextPageToken(t *testing.T) {
+func TestListSegments_PaginationPageToken(t *testing.T) {
 	var (
 		store  = &storeMock{}
 		logger = zaptest.NewLogger(t)
@@ -121,6 +121,28 @@ func TestListSegments_PaginationNextPageToken(t *testing.T) {
 	assert.Equal(t, int32(1), got.TotalCount)
 }
 
+func TestListSegments_PaginationInvalidPageToken(t *testing.T) {
+	var (
+		store  = &storeMock{}
+		logger = zaptest.NewLogger(t)
+		s      = &Server{
+			logger: logger,
+			store:  store,
+		}
+	)
+
+	defer store.AssertExpectations(t)
+
+	store.AssertNotCalled(t, "ListSegments")
+
+	_, err := s.ListSegments(context.TODO(), &flipt.ListSegmentRequest{
+		PageToken: "Invalid string",
+		Offset:    10,
+	})
+
+	assert.EqualError(t, err, `pageToken is not valid: "Invalid string"`)
+}
+
 func TestCreateSegment(t *testing.T) {
 	var (
 		store  = &storeMock{}